<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>Introduction</title>

 </head>
 <body><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="book.taint.html">Taint</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="taint.setup.html">Installation/Configuration</a></div>
 <div class="up"><a href="book.taint.html">Taint</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="intro.taint" class="preface">
  <h1 class="title">Introduction</h1>
  <p class="para">
   Taint is an extension that tracks tainted strings (data that originates from
   user input) and warns when such a string reaches a sensitive sink. It is
   primarily aimed at spotting XSS, and it also flags SQL injection, shell
   injection and related problems such as tainted file paths.
  </p>
  <p class="para">
   When taint is enabled, every string that comes from $_GET, $_POST or $_COOKIE
   is marked as tainted, and the mark is carried along through operations such
   as trim(), concatenation and string interpolation. If a tainted string is
   then passed to a sensitive function (echo, print, include(), mysql_query()
   and others), taint emits a warning at that call site.
  </p>
  <div class="example" id="example-4094">
   <p><strong>Example #1 <span class="function"><a href="function.taint.html" class="function">Taint()</a></span> example</strong></p>
   <div class="example-contents">
<div class="phpcode"><pre><code>&lt;?php
// $_GET values are tainted; trim() keeps the taint mark on its result
$a = trim($_GET['a']);

// Taint propagates through concatenation and interpolation
$file_name = '/tmp/' . $a;
$output    = "Welcome, {$a} !!!";
$var       = "output";
$sql       = "Select *  from " . $a;
$sql      .= "ooxx";

echo $output;          // warning: tainted data reaches echo

print $$var;           // $$var resolves to $output, which is also tainted

include($file_name);   // warning: tainted file path

mysql_query($sql);     // warning: tainted SQL statement
?&gt;</code></pre></div>
   </div>

   <div class="example-contents"><p>The above example will output something similar to:</p></div>
   <div class="example-contents screen">
<div class="cdata"><pre>
Warning: main() [function.echo]: Attempt to echo a string that might be tainted

Warning: main() [function.echo]: Attempt to print a string that might be tainted

Warning: include() [function.include]: File path contains data that might be tainted

Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted
</pre></div>
   </div>
  </div>
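  <p class="para">
   The following is an added example, not part of the original manual page or
   of the extension's own code, that shows the same propagation from the other
   side: a constructed value is marked tainted with
   <span class="function"><a href="function.taint.html" class="function">taint()</a></span>,
   the mark is inspected with is_tainted() after each string operation, and it
   is cleared again either by an escaping function or by untaint() after
   explicit validation. It assumes the taint extension is loaded and that
   htmlspecialchars() and addslashes() are among the escaping functions whose
   return value the extension treats as untainted.
  </p>

```php
<?php
// Added example (not from the PHP manual). Requires the taint extension.
if (!extension_loaded('taint')) {
    fwrite(STDERR, "The taint extension is not loaded (extension=taint.so)\n");
    exit(1);
}

// Constructed input standing in for $_GET['a']. Values that arrive via
// $_GET, $_POST or $_COOKIE are marked tainted automatically; a literal is
// not, so taint() marks it explicitly for this demonstration.
$a = "<script>alert(1)</script>' OR 1=1 --";
taint($a);

// The mark survives trim(), concatenation and interpolation, as in Example #1.
$a      = trim($a);
$output = "Welcome, {$a} !!!";
$sql    = "SELECT * FROM users WHERE name = '" . $a . "'";

foreach (['a' => $a, 'output' => $output, 'sql' => $sql] as $name => $value) {
    printf("is_tainted(\$%s): %s\n", $name, var_export(is_tainted($value), true));
}

// Passing the data through an escaping function clears the mark on the
// result, so the sinks below no longer trigger a warning.
// (Assumption for this example: htmlspecialchars() and addslashes() are in
// the extension's list of untainting functions.)
$safe_output = "Welcome, " . htmlspecialchars($a, ENT_QUOTES, 'UTF-8') . " !!!";
$safe_sql    = "SELECT * FROM users WHERE name = '" . addslashes($a) . "'";

printf("is_tainted(\$safe_output): %s\n", var_export(is_tainted($safe_output), true));
printf("is_tainted(\$safe_sql): %s\n", var_export(is_tainted($safe_sql), true));

echo $safe_output, "\n";

// untaint() clears the mark without changing the bytes. Use it only after
// validating the value yourself, e.g. against an allow-list; calling it
// unconditionally just silences the warning while leaving the injection.
$id = $a;
if (preg_match('/^[0-9]+$/', $id)) {
    untaint($id);
}
printf("is_tainted(\$id): %s\n", var_export(is_tainted($id), true));

// A tainted value reaching a sink still produces the warning from Example #1:
echo $output, "\n";
```

  <p class="para">
   Run it from the command line with the extension enabled. The first three
   checks should report true, the two after escaping false, and $id stays
   tainted because the sample value does not pass the numeric allow-list, so
   untaint() is never reached. The final echo is left in deliberately to
   show that the warning fires for the unescaped string.
  </p>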
 </div><hr /><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="book.taint.html">Taint</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="taint.setup.html">Installation/Configuration</a></div>
 <div class="up"><a href="book.taint.html">Taint</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
